382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8

Analysis

max time kernel
25s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:15

Target

382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8.dll
Size

7KB
MD5

b92d70975e9c0b312be384a1c9feef70
SHA1

877eee665ddcc1237cd8261ea231e497057174c5
SHA256

382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8
SHA512

12e969fa770f25a248f60ee4ecb9dd7b3ddbe82c44d7b9b3ff382d3a1cf634024475a13957668e54a5b8420c7132433fa4a7cecc3b975dc0b49aba3db7b07dc2
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROHfbJoNEXZef2RDGe92:YX2f9JM2Rya2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28
PID 1756 wrote to memory of 2032	1756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8.dll,#1
  2⤵
  PID:2032

memory/2032-55-0x0000000075291000-0x0000000075293000-memory.dmp

Filesize
8KB

Download